Mona Wang was an ICFP fellow who worked with Citizen Lab to conduct an in-depth analysis of the WeChat application’s security and privacy practices.
With over 1.2 billion monthly active users, WeChat is the most popular messaging and social media platform in China, and third in the world. For vulnerable populations that must use WeChat (for instance, domestic journalists and foreign correspondents, grassroots and diaspora activists), precise threat modelling is of utmost importance. This kind of risk assessment requires a more granular security and privacy analysis, to understand the shape and nature of the risks.
During her fellowship, Mona reverse-engineered WeChat’s custom transport-layer encryption protocol and provided tooling for other researchers to intercept and decrypt network traffic. She used this tooling to perform an in-depth security and privacy review of the application, including an analysis of popular MiniPrograms on the WeChat application ecosystem.
Learn more about her research.